How can I restrict SonicWall management access for specific IP address(es) only?

Description

If there is a need to log in to management of the SonicWall security appliance for an interface, enable the supported management service(s): HTTPS, SSH, Ping, and SNMP. Also there are options to allow only the authorized IP address(es) to hit the SonicWall on its management service(s). This type of restriction wouldn't provide SonicWall any unauthorized access(es).

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Enabling the management services on WAN interface of SonicWall.

  1. Navigate to Network | System | Interfaces page in the SonicWall GUI.
  2. Click Configure option of the WAN interface.
  3.  In General tab, enable the check boxes HTTPS, Ping, SNMP and SSH for Management.
  4. Click OK

Image



Enforcing Inbound restriction: Adding address object/group to the WAN to WAN management access rules

  1. Navigate to | Policies | Rules and Policies | Access Rules page in the SonicWall GUI. 
  2. Choose view style as Matrix and click on WAN to WAN matrix button.


    Image

  3. Click on the Configure option of the management rules and choose the newly created or existing address object / group in the Source field of the access rule.
    Image  

  4. You can edit the default access rule and can change the source to the intended address only.

  5. Createing address objects for Internet Hosted Address with zone type WAN

    Click 170504660027820 to get instructions on creating address object/group.

  6. The below screenshot depicts that the management access rules were applied with specific source addresses instead of selecting any.
    Image

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Enabling the management services on WAN interface of SonicWall.

  1. Navigate to Manage | System Setup | Nnetwork | Interfaces page in the SonicWall GUI.
    2. Click Configure option of the WAN interface.
    3. In General tab, enable the check boxes HTTP, HTTPS, Ping, SNMP and SSH for Management.
    4. Click OK.
    Image

Enforcing the address object / group to the WAN to WAN management access rules

  1. Navigate to Manage | Policies | Rules | Access Rules page in the SonicWall GUI. 
  2. Choose view style as Matrix and click on WAN to WAN matrix button.
    Image
  3. Click on the Configure option of the management rules and choose the newly created or existing address object / group in the Source field of the access rule.
    Image
  4. You can edit the default access rule and can change the source to the intended address only.

  5. Creating address objects for Internet Hosted Address with zone type WAN

    Click 170504660027820 to get instructions on creating address object / group.

  6. Below screenshot depicts that the management access rules were applied with specific source addresses instead of selecting any.Image

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
NSa Series
Firewall Management
Firewalls
NSv Series
Firewall Management
Firewalls
TZ Series
Firewall Management UI
not finding your answers?
Ask the Community